Logs check's only yesterdays events, better mailbox check

Sun, 17 Feb 2013 19:49:24 +0100

author
Michiel Broek <mbroek@mbse.eu>
date
Sun, 17 Feb 2013 19:49:24 +0100
changeset 15
c4a1470ab59d
parent 14
59e07bba67cc
child 16
37f217a8bcce

Logs check covers only yesterday's events, better mailbox check

cron.daily/security file | annotate | diff | comparison | revisions
security.d/chk_logs file | annotate | diff | comparison | revisions
security.d/chk_mailbox file | annotate | diff | comparison | revisions
--- a/cron.daily/security	Thu Dec 06 15:08:01 2012 +0100
+++ b/cron.daily/security	Sun Feb 17 19:49:24 2013 +0100
@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 #############################################################################
-# Copyright (C) 2005-2009
+# Copyright (C) 2005-2013
 #   
-# Michiel Broek               <mbse@mbse.dds.nl>
+# Michiel Broek               <mbse at mbse.eu>
 # Beekmansbos 10
 # 1971 BV IJmuiden
 # the Netherlands
@@ -25,7 +25,7 @@
 # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
 #############################################################################
 
-VERSION=0.15
+VERSION=0.16
 export PATH=/bin:/usr/bin:/sbin:/usr/sbin
 umask 077
 LANG=C; export LANG
--- a/security.d/chk_logs	Thu Dec 06 15:08:01 2012 +0100
+++ b/security.d/chk_logs	Sun Feb 17 19:49:24 2013 +0100
@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 #############################################################################
-# Copyright (C) 2005-2012
+# Copyright (C) 2005-2013
 #   
-# Michiel Broek               <mbse@mbse.dds.nl>
+# Michiel Broek               <mbse at mbse.eu>
 # the Netherlands
 #
 # This file is part of SlackSecCheckScripts.
@@ -41,15 +41,16 @@
 
 TMP2=secure1.$$
 OUTPUT=secure4.$$
+YESTER=$(date '+%b %d' -d yesterday)
 
-egrep ' useradd\[' /var/log/secure > $TMP2
-egrep ' userdel\[' /var/log/secure >> $TMP2
-egrep ' usermod\[' /var/log/secure >> $TMP2
-egrep ' groupadd\[' /var/log/secure >> $TMP2
-egrep ' groupdel\[' /var/log/secure >> $TMP2
-egrep ' groupmod\[' /var/log/secure >> $TMP2
-egrep ' passwd\[' /var/log/secure >> $TMP2
-egrep ' sudo:' /var/log/messages >> $TMP2
+grep -e ' useradd\[' /var/log/secure | grep -e "${YESTER}" > $TMP2
+grep -e ' userdel\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' usermod\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' groupadd\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' groupdel\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' groupmod\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' passwd\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' sudo:' /var/log/messages | grep -e "${YESTER}" >> $TMP2
 
 cat $TMP2 | sort > $OUTPUT
 
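Review bot: `date '+%b %d'` on the new `YESTER=` line zero-pads the day ("Feb 05"), while the traditional syslog timestamp pads single-digit days with a space ("Feb  5"). If /var/log/secure and /var/log/messages use that format, every `grep -e "${YESTER}"` in this hunk matches nothing from the 1st to the 9th of the month, and the report silently omits account-change and sudo events for those days. `YESTER=$(date '+%b %e' -d yesterday)` produces the space-padded form. The date filter is also unanchored, so a line from another day whose message text contains the same string is kept; `grep -e "^${YESTER} "` limits the match to the timestamp field. Because an empty result looks the same as a quiet day, a comment above the assignment stating the expected timestamp format would help the next maintainer.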
--- a/security.d/chk_mailbox	Thu Dec 06 15:08:01 2012 +0100
+++ b/security.d/chk_mailbox	Sun Feb 17 19:49:24 2013 +0100
@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 #############################################################################
-# Copyright (C) 2005-2012
+# Copyright (C) 2005-2013
 #   
-# Michiel Broek               <mbse@mbse.eu>
+# Michiel Broek               <mbse at mbse.eu>
 # the Netherlands
 #
 # This file is part of SlackSecCheckScripts.
@@ -44,7 +44,7 @@
 
 # Mailboxes should be owned by user and unreadable.
 #
-/bin/ls -l /var/spool/mail | \
+/bin/ls -l /var/spool/mail | grep -v ^d | \
 awk '   NR == 1 { next; }
     $3 != $9 {
 	printf "\tUser %s mailbox is owned by %s.\n", $9, $3
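Review bot: The added `grep -v ^d` leaves its pattern unquoted and the comment above the pipeline still does not say that directories are now skipped; `grep -v '^d'` plus a comment line such as `# Directories in the spool are skipped; only file entries are compared.` would make the intent explicit. The `NR == 1 { next; }` rule still depends on the `total` line from `ls -l` surviving the filter, so tightening the filter later (for example to `'^-'`) would make awk skip the first real mailbox unless that rule is removed at the same time. Other non-mailbox entries such as lock files or symlinks presumably still reach the `$3 != $9` comparison, which is worth stating in the comment so a report line for them is not misread. The awk program continues outside this hunk.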
